RE: Security Questions

  • From: "MacGregor, Ian A." <ian@xxxxxxxxxxxxxxxxx>
  • To: <cemail_219@xxxxxxxxxxx>, <oracle-l@xxxxxxxxxxxxx>
  • Date: Tue, 24 Jan 2006 14:49:27 -0800

Before revoking those privileges
You should run code to check if the package is called by anyone else

Select distinct owner from dba_dependencies
Where referenced_name = 'DBMS_RANDOM';

Then grant the privileges directly to those "owners".  Any oracle created user 
you are not using should be locked, its password changed, and expired. 

Ian MacGregor
Stanford Linear Accelerator Center

-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On 
Behalf Of J. Dex
Sent: Tuesday, January 24, 2006 7:25 AM
To: oracle-l@xxxxxxxxxxxxx
Subject: Security Questions

For those of you who have had security audits, I am wondering about a couple 
of things.....

Does it matter if standard Oracle roles are NOT password protected?  Does it 
only need to be non-standard roles that are password protected?

PUBLIC typically has some execute privileges, dbms_random, etc.  Will it 
adversely effect anything if those privileges are revoked?

On the road to retirement? Check out MSN Life Events for advice on how to 
get there!



Other related posts: